Botframework-emulator: Bot Emulator v4 - Refresh access token failed 400

Created on 1 Nov 2018  ·  7Comments  ·  Source: microsoft/BotFramework-Emulator

When I tried to use the production endpoint in the bot framework emulator. I have configured the endpoints in the bot file as below with information from the azure.But I am unable to the access it via the Emulator and also it does not connect in the "Test in Webchat" in Azure after deployment via Git to Azure. It works fine locally

Using latest stable version of emulator

{
"appId": "fb7bedbc-b786-1234-89b7-25b2b44c0d14",
"appPassword": "+SDDFFIV8deExBUw==!2Y7yYMFMgB7EDmSEVDB61g==",
"endpoint": "https://Something.azurewebsites.net/api/messages",
"type": "endpoint",
"name": "production",
"id": "4"
},

It returns me the following error

Refresh access token failed with status code: 400

image

In the channels I see the following error triggered. Is the issue with web chat channel globally?

There was an error sending this message to your bot: HTTP status code GatewayTimeout

image

Most helpful comment

@justinwilaby jus @deepanigi @vishwacsena I had the same error. For me the issue was that the Bot App Registration was made manually by an IT Admin and that access to the App Registration was limited to my Azure organization and that the bot service probably couldn't access it?

I think this detail is not documented well. For automatic registrations this might not be an issue but in our organization this cannot be done automatically when creating a bot.

Screenshot from the "Authentication" tab in the App Registration:

image

All 7 comments

I analyzed the issue using Fiddler Trace. I think the tokens are being generated .

image

But the Emulator is not picking it . As seen the below screenshot both of the fiddler and emulator refers to the same conversation ID.

image

If you look at this async function, you'll notice that the emulator is throwing if the response from the tokenEndpoint call is something other than 200. Are you certain your appId and password are correct?

If you look at this async function, you'll notice that the emulator is throwing if the response from the tokenEndpoint call is something other than 200. Are you certain your appId and password are correct?

Yes , I have cross checked the Appid and password its correct. When i tried to call the curl script to check the authentication i am facing the error too.

curl -k -X POST https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token -d "grant_type=client_credentials&client_id=fb7bedbc-b786-47e7-89b7-25b2b44c0d14&client_secret=+SDDFFIV8deExBUw==!2Y7yYMFMgB7EDmSEVDB61g==&scope=https%3A%2F%2Fapi.botframework.com%2F.default"

Error:

{"error":"unauthorized_client","error_description":"AADSTS700016: Application with identifier 'fb7bedbc-b786-47e7-89b7-25b2b44c0d14' was not found in the directory 'botframework.com'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant\r\nTrace ID: 790383e5-df47-48c1-9d82-506295280700\r\nCorrelation ID: b92be278-3858-4602-a7ab-c7117f61edfc\r\nTimestamp: 2018-11-01 23:09:54Z","error_codes":[700016],"timestamp":"2018-11-01 23:09:54Z","trace_id":"790383e5-df47-48c1-9d82-506295280700","correlation_id":"b92be278-3858-4602-a7ab-c7117f61edfc"}

I deplyed the code over to azure using continous deployment . When trying to access from the test in webchat i am getting the refresh token issue in kudu.Error is triggered onTurnError

[onTurnError]: Error: Refresh access token failed with status code: 400

[onTurnError]: Error: Refresh access token failed with status code: 400
(node:13120) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 7): Error: Refresh access token failed with status code: 400
(node:13120) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
(node:13120) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 10): Error: Refresh access token failed with status code: 400

It's not likely this is an emulator issue if you are seeing it in the portal's webchat as well as with using curl. Have you searched for that error code or tried to deploy to production to see if that yields different results?

It's not likely this is an emulator issue if you are seeing it in the portal's webchat as well as with using curl. Have you searched for that error code or tried to deploy to production to see if that yields different results?

I tried to run the Curl on kudu console and still the same issue. Also when i deployed it to azure using production endpoints. I was facing the same "[onTurnError]: Error: Refresh access token failed with status code: 400" on kudu log

@deepanigi - There was a service outage yesterday that has since been addressed that possibly impacted the access token retrieval over directline (which is what emulator relies on). can you please try again to see if you continue to run into this issue? If so, please re-open the ticket and we will continue to investigate.

@justinwilaby jus @deepanigi @vishwacsena I had the same error. For me the issue was that the Bot App Registration was made manually by an IT Admin and that access to the App Registration was limited to my Azure organization and that the bot service probably couldn't access it?

I think this detail is not documented well. For automatic registrations this might not be an issue but in our organization this cannot be done automatically when creating a bot.

Screenshot from the "Authentication" tab in the App Registration:

image

Was this page helpful?
0 / 5 - 0 ratings